[chore] Add interaction filter to complement existing visibility filter (#3111)

* [chore] Add interaction filter to complement existing visibility filter * pass in ptr to visibility and interaction filters to Processor{} to ensure shared * use int constants for for match type, cache db calls in filterctx * function name typo :innocent: --------- Co-authored-by: kim <grufwub@gmail.com>
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2024-07-24 13:27:42 +0200
committer: GitHub <noreply@github.com> 2024-07-24 12:27:42 +0100
commit: c9b6220fef01dce80a31436660cd06b4e1db030f (patch)
tree: 5fbade865a920a5ea04fdd63763eca1880d60c5d /internal/api/client/statuses
parent: [chore] renames the `GTS` caches to `DB` caches (#3127) (diff)
download: gotosocial-c9b6220fef01dce80a31436660cd06b4e1db030f.tar.xz
3 files changed, 84 insertions, 80 deletions
diff --git a/internal/api/client/statuses/statusboost_test.go b/internal/api/client/statuses/statusboost_test.go
index 25aa2ea0f..f6f589a5c 100644
--- a/internal/api/client/statuses/statusboost_test.go
+++ b/internal/api/client/statuses/statusboost_test.go
@@ -173,43 +173,42 @@ func (suite *StatusBoostTestSuite) TestPostBoostOwnFollowersOnly() {
 }
 
 // try to boost a status that's not boostable / visible to us
-// TODO: sort this out with new interaction policies
-// func (suite *StatusBoostTestSuite) TestPostUnboostable() {
-// 	t := suite.testTokens["local_account_1"]
-// 	oauthToken := oauth.DBTokenToToken(t)
-
-// 	targetStatus := suite.testStatuses["local_account_2_status_4"]
-
-// 	// setup
-// 	recorder := httptest.NewRecorder()
-// 	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
-// 	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
-// 	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
-// 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
-// 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
-// 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
-// 	ctx.Request.Header.Set("accept", "application/json")
-
-// 	// normally the router would populate these params from the path values,
-// 	// but because we're calling the function directly, we need to set them manually.
-// 	ctx.Params = gin.Params{
-// 		gin.Param{
-// 			Key:   statuses.IDKey,
-// 			Value: targetStatus.ID,
-// 		},
-// 	}
-
-// 	suite.statusModule.StatusBoostPOSTHandler(ctx)
-
-// 	// check response
-// 	suite.Equal(http.StatusNotFound, recorder.Code) // we 404 unboostable statuses
-
-// 	result := recorder.Result()
-// 	defer result.Body.Close()
-// 	b, err := ioutil.ReadAll(result.Body)
-// 	suite.NoError(err)
-// 	suite.Equal(`{"error":"Not Found"}`, string(b))
-// }
+func (suite *StatusBoostTestSuite) TestPostUnboostable() {
+	t := suite.testTokens["local_account_1"]
+	oauthToken := oauth.DBTokenToToken(t)
+
+	targetStatus := suite.testStatuses["local_account_2_status_4"]
+
+	// setup
+	recorder := httptest.NewRecorder()
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
+
+	// normally the router would populate these params from the path values,
+	// but because we're calling the function directly, we need to set them manually.
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   statuses.IDKey,
+			Value: targetStatus.ID,
+		},
+	}
+
+	suite.statusModule.StatusBoostPOSTHandler(ctx)
+
+	// check response
+	suite.Equal(http.StatusForbidden, recorder.Code)
+
+	result := recorder.Result()
+	defer result.Body.Close()
+	b, err := ioutil.ReadAll(result.Body)
+	suite.NoError(err)
+	suite.Equal(`{"error":"Forbidden: you do not have permission to boost this status"}`, string(b))
+}
 
 // try to boost a status that's not visible to the user
 func (suite *StatusBoostTestSuite) TestPostNotVisible() {
diff --git a/internal/api/client/statuses/statusfave_test.go b/internal/api/client/statuses/statusfave_test.go
index 5a35351e4..d1042b10e 100644
--- a/internal/api/client/statuses/statusfave_test.go
+++ b/internal/api/client/statuses/statusfave_test.go
@@ -89,43 +89,42 @@ func (suite *StatusFaveTestSuite) TestPostFave() {
 }
 
 // try to fave a status that's not faveable
-// TODO: replace this when interaction policies enforced.
-// func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
-// 	t := suite.testTokens["local_account_1"]
-// 	oauthToken := oauth.DBTokenToToken(t)
-
-// 	targetStatus := suite.testStatuses["local_account_2_status_3"] // this one is unlikeable and unreplyable
-
-// 	// setup
-// 	recorder := httptest.NewRecorder()
-// 	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
-// 	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
-// 	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
-// 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
-// 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
-// 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
-// 	ctx.Request.Header.Set("accept", "application/json")
-
-// 	// normally the router would populate these params from the path values,
-// 	// but because we're calling the function directly, we need to set them manually.
-// 	ctx.Params = gin.Params{
-// 		gin.Param{
-// 			Key:   statuses.IDKey,
-// 			Value: targetStatus.ID,
-// 		},
-// 	}
-
-// 	suite.statusModule.StatusFavePOSTHandler(ctx)
-
-// 	// check response
-// 	suite.EqualValues(http.StatusForbidden, recorder.Code)
-
-// 	result := recorder.Result()
-// 	defer result.Body.Close()
-// 	b, err := ioutil.ReadAll(result.Body)
-// 	assert.NoError(suite.T(), err)
-// 	assert.Equal(suite.T(), `{"error":"Forbidden: status is not faveable"}`, string(b))
-// }
+func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
+	t := suite.testTokens["admin_account"]
+	oauthToken := oauth.DBTokenToToken(t)
+
+	targetStatus := suite.testStatuses["local_account_1_status_3"] // this one is unlikeable
+
+	// setup
+	recorder := httptest.NewRecorder()
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["admin_account"])
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["admin_account"])
+	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(statuses.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
+
+	// normally the router would populate these params from the path values,
+	// but because we're calling the function directly, we need to set them manually.
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   statuses.IDKey,
+			Value: targetStatus.ID,
+		},
+	}
+
+	suite.statusModule.StatusFavePOSTHandler(ctx)
+
+	// check response
+	suite.EqualValues(http.StatusForbidden, recorder.Code)
+
+	result := recorder.Result()
+	defer result.Body.Close()
+	b, err := ioutil.ReadAll(result.Body)
+	assert.NoError(suite.T(), err)
+	assert.Equal(suite.T(), `{"error":"Forbidden: you do not have permission to fave this status"}`, string(b))
+}
 
 func TestStatusFaveTestSuite(t *testing.T) {
 	suite.Run(t, new(StatusFaveTestSuite))
diff --git a/internal/api/client/statuses/statusmute_test.go b/internal/api/client/statuses/statusmute_test.go
index 2fb94443a..62be671fa 100644
--- a/internal/api/client/statuses/statusmute_test.go
+++ b/internal/api/client/statuses/statusmute_test.go
@@ -151,19 +151,22 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
@@ -236,19 +239,22 @@ func (suite *StatusMuteTestSuite) TestMuteUnmuteStatus() {
   "interaction_policy": {
     "can_favourite": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reply": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     },
     "can_reblog": {
       "always": [
-        "public"
+        "public",
+        "me"
       ],
       "with_approval": []
     }
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2024-07-24 13:27:42 +0200
committer	GitHub <noreply@github.com>	2024-07-24 12:27:42 +0100
commit	c9b6220fef01dce80a31436660cd06b4e1db030f (patch)
tree	5fbade865a920a5ea04fdd63763eca1880d60c5d /internal/api/client/statuses
parent	[chore] renames the `GTS` caches to `DB` caches (#3127) (diff)
download	gotosocial-c9b6220fef01dce80a31436660cd06b4e1db030f.tar.xz